A layer-4 switch is a vswitch product developed through the layer-4 switch technology. A layer-4 switch is not so much a network device as a network management system. In recent years, with the popularization of Mbit/s, Gbit/s, and even Mbit/s, the wide application of Broadband LAN and even Bandwidth WAN has driven the continuous development of switch technology. In enterprise applications, the rapid development of Internet, the adoption of e-commerce, e-government, e-trade, e-futures and other online trading methods, while accelerating logistics and capital flow turnover, it also accelerates the rapid increase of information, which puts a great deal of pressure on the Network Information Center Server.
What is layer-4 switch?
The layer-4 switch is a switch product developed using the layer-4 switch technology. Of course, it works on the layer-4 of the OSI/RM model, that is, the transport layer, directly facing specific applications. In terms of functions, a layer-4 switch is not so much a hardware network device as a software network management system. In other words, it is a type of software technology-oriented, network Management switching device supplemented by hardware technology. The layer-4 switch supports all protocols below the layer-4 of TCP/UDP, such as HTTP, FTP, Telnet, and SSL. It can recognize the packet header length of at least 80 bytes, the application types of data packets can be distinguished based on the TCP/UDP port numbers to achieve access control at the application layer and ensure service quality.
Many people are confused about the principle of the layer-4 switch and the layer-3 switch. The so-called layer-4 switch actually adds the ability to identify the layer-4 protocol port on the layer-3 switch, only some value-added software has been added to the layer-3 switch. It does not work on the transport layer, but still performs switching operations on the layer-3 switch. The layer-4 switch distinguishes data packets based on TCP/UDP port numbers. That is to say, the layer-4 switch not only has all the switching functions and performance of the layer-3 switch, it also supports smart functions that are impossible for layer-3 switches to control network traffic and service quality.
Key technologies supported by layer-4 vswitches
Different from the L2 Switch, the MAC address and 802.1Q VLAN tags are used to complete the link layer switch process, it is also different from layer-3 switching/routing devices that use IP address information for network path selection to complete the switching process, the layer-4 switching device uses the packet header information of the transport layer to help information exchange and transmission, that is, all protocols or processes in each IP packet, in this way, the layer-4 Exchange Protocol is TCP used for connection-based conversations, such as FTP) and UDP for connectionless communication, such as SNMP or SMTP.
Because the packet header of TCP and UDP data packets can specify the type of the data packet being transmitted, use the information port number related to the specific application ), you can complete a large number of quality services related to network data and information transmission and exchange. Five of these technologies are crucial and are also the main technologies widely used by layer-4 switches.
I. package filtering/security control:
Unlike traditional software-based routers, layer-4 switching is different from layer-3 switching, that is, this filtering capability is implemented in ASIC dedicated high-speed chips, so that the security filtering control mechanism can be implemented at full speed, greatly improving the packet filtering rate. The use of layer-4 Information to define filtering rules has become the default standard for general routers. It not only allows or disables connections between IP subnets, but also controls communication between specified TCP/UDP ports.
Ii. Service Quality:
In the hierarchy of the network system, the layer-4 Information of TCP/UDP is often used to establish application-level communication priority. For example, the port number of the data packet in TCP/UDP is exchanged. It allows you to prioritize communication data based on applications and use a certain amount of bandwidth for important applications based on the traffic of a specific application. In a sense, layer-4 Switching provides a service level COS in the network. This can reduce WWW or FTP traffic for an Intranet and set higher priority for E-MAIL or Telent traffic. Therefore, the layer-4 switch is particularly important based on this function. In information communication, priority cannot be discussed due to the lack of fourth-level information, which will greatly prevent the rapid transmission of emergency applications on the network.
Iii. Server Load balancer:
The server Load balancer Mode Supported by the layer-4 switch is to attach an IP address of the Server Load balancer service to a group of different physical servers, and set up virtual IP address VIP for each server group for search ). In the Domain Name Server DNS), the address of each application server stored is VIP, rather than the actual server address. When a user applies for an application, a VIP connection request with the target server group, such as a TCPSYN packet, is sent to the server switch. The server switch selects the best server in the group and replaces the VIP address in the terminal address with the IP address of the actual server. Only after the network address is converted to NAT by the switch, servers that are not registered with IP addresses can be accessed. This setting can effectively prevent unauthorized access.
Iv. Standby host connection:
The standby host Connection provides redundant connections for Port Devices to effectively protect the system in the event of a switch failure. Because the shared MAC address is used, the backup switch receives the same data as the master unit, which enables the backup switch to monitor the communication content of the master switch service. The primary switch continuously notifies the backup switch of data, MAC data, and its power status at Layer 4. When the primary switch encounters a fault, the backup switch automatically takes over without interrupting the conversation or connection.
V. Statistics:
The layer-4 switch can provide more detailed statistical records by querying layer-4 data packets. In this way, the administrator can collect more detailed information about which IP address is being communicated as needed, or even collect communication information based on which Application Layer Service is involved in the communication. These statistics are particularly effective for examining the load of each application on the server, for example, you can view the system resources occupied by a service application.
Conclusion:
The layer-4 exchange technology has obvious advantages over the layer-2 and layer-3 exchange technology. It is different from a router or layer-3 switch. It only processes a single package. It is unclear where the previous package comes from or where the next package is located, A priority queue is established only based on the number of TCP ports in the packet header. The router determines the packet route based on the links and available nodes of the network; the layer-4 switch determines the interval based on the available servers and performance.
Today, the formation of a high-speed, broadband, stable, reliable, and able to integrate security and confidentiality and other new needs of the internal external network system, is the current trend of enterprise network development. Driven by the huge market potential, more manufacturers are committed to better and more advanced layer-4 switches, and even layer-7 switches are the trend of the times, this will further promote the development of network application technologies.